Cybersecurity Incident Response Specialist

Location: Jeddah (tax free) | Posted 6 days ago | Full-time, External
Salary: Negotiable
Incident Response and Investigation
• Lead the response to cybersecurity incidents (IT and OT), managing the lifecycle from CSIRT activation through containment, mitigation and restoration to post-incident analysis.
• Coordinate with internal and external teams, including asset owners, during major incidents for triage, containment and recovery.
• Develop short-term containment and long-term eradication strategies to limit the impact of cybersecurity threats and prevent recurrence.
• Analyze cybersecurity incidents, including the vulnerabilities exploited and the methods used, and develop response strategies.
• Document and track the steps and procedures followed during incident response activities, ensuring accurate reporting.
• Provide regular updates to leadership on incident status, impact and recovery strategy, communicating both technical and business impact clearly.
• Collaborate with law enforcement and legal teams on cybercrime investigations (including forensic investigation) and ensure compliance with legal and regulatory requirements.
• Perform post-incident damage assessment to evaluate the impact on systems and data, and conduct post-incident analysis to identify the root causes of attacks.
• Produce post-incident lessons-learned reports for continuous improvement of incident response capabilities.
• Automate remediation of low-severity incidents to streamline response and improve efficiency.
• Participate in and conduct tabletop exercises and drills to enhance incident response readiness and effectiveness.
• Continuously improve incident response processes by integrating lessons learned, adopting industry best practices and keeping up with emerging threats.
• Develop cybersecurity incident reports and contribute to internal IR reporting requirements (KPI status reporting, statistics and dashboards, management and regulatory reports, etc.).
• Support other cybersecurity defense functions (vulnerability management, threat intelligence, incident response, threat hunting and assurance) in accordance with business needs.
• Support cybersecurity defense audit, compliance, risk and regulatory requirements.

Digital Forensics Examination and Malware Analysis
• Conduct forensic analysis of systems, networks and digital artifacts involved in cybersecurity incidents, preserving evidence with forensically sound procedures.
• Use advanced forensic tools to collect and analyze data from compromised devices, and perform memory forensics to identify malware or indicators of compromise.
• Reverse engineer malware to analyze the behavior of malicious code and identify attack vectors.
• Prepare detailed forensic reports and present findings to stakeholders, including senior leadership, legal teams and external authorities, as necessary.
• Analyze logs, network traffic and digital artifacts to reconstruct incidents and assess malicious activity.
• Perform post-incident forensic analysis to identify the root causes of attacks and assess damage.
• Ensure that forensic activities follow legal requirements for data collection, evidence preservation (including chain of custody) and reporting.
• Collaborate with law enforcement and legal teams on cybercrime investigations, providing detailed forensic reports for legal proceedings.

Policies, Processes and Procedures
• Conduct day-to-day activities in compliance with policies and procedures.
• Contribute to identifying opportunities for continuous improvement of systems and processes, considering leading practices, changes in the business environment, cost reduction and productivity improvement.